VisorCentral.com Pages (2): « 1 [2]
Show 20 posts from this thread on one page

VisorCentral.com (http://discussion.visorcentral.com/vcforum/index.php)
- Off Topic (http://discussion.visorcentral.com/vcforum/forumdisplay.php?forumid=6)
-- Ugh. More Spam. (http://discussion.visorcentral.com/vcforum/showthread.php?threadid=18813)

Posted by Toby on 10-14-2001 05:55 PM:

quote:
Originally posted by homer
They don't necessairly sell it. Your address is public record when used to register a domain name. A simple WhoIS search will bring up the email address of any domain name owner.
This is as it should be. The entire purpose of a simple whois search is to know how to contact the person who is in charge of a domain.
quote:
Now, could they do something to prevent that? YES! But they won't.
Who cares if they _c_ould? The question is whether or not they _sh_ould. I say no. How else is one supposed to find the administrative information for domains to report problems with their service, customers, etc.? If I can find it for legitimate purposes, there's nothing to stop spammers from finding it for their purposes.

Posted by homer on 10-14-2001 06:35 PM:

quote:
Who cares if they _c_ould? The question is whether or not they _sh_ould. I say no. How else is one supposed to find the administrative information for domains to report problems with their service, customers, etc.? If I can find it for legitimate purposes, there's nothing to stop spammers from finding it for their purposes.


They should block it from public (ie, automated) exposure...just like this forum, or eBay does.

You'd still be able to email them directly, but you wouldn't be able to see the email address.

Most email addresses are collected off of the internet via bots that simply go from page to page looking for email addresses. I'm sure the WhoIS database, in it's current incarnation, is quite easy to exploit with a simple automated script to gather email addresses.

Alternatively, one could set up an email address solely for the purpose of registering domain names, then simply block any and all email coming to it except from that from NetSol (or whatever registrar you used).

__________________
We're all naked if you turn us inside out.
-David Byrne

Posted by Yorick on 10-14-2001 07:31 PM:

quote:
Originally posted by homer
I'm sure the WhoIS database, in it's current incarnation, is quite easy to exploit with a simple automated script to gather email addresses.

In which case it's InterNIC that needs to be contacted, as that organization is responsible for WhoIS and for domain name and IP address assignments. (okay, so Network Solutions is a part of that, but with all the registrars out there now ....)
Since WhoIS is just a database it would -- in my opinion, having worked with various forms of searhable databases for several years -- be difficult to add in all the HTML needed to change plain email addresses to email links to hide the address.
The interface could be modified, but that won't prevent a bot from accessing the DB via a different interface or function.

__________________
The light at the end of your tunnel has been disconnected due to non-payment. Please remit funds immediately for restoration of hope.

Posted by Toby on 10-14-2001 10:38 PM:

quote:
Originally posted by homer
They should block it from public (ie, automated) exposure...just like this forum, or eBay does.
Why should they do that? This forum has a limited purpose, so there's no reason why any anonymous person on the internet should have a reason to contact me. The same with eBay (although any eBay user can find the information about any other eBay user). The name registration database serves a different purpose, though. It's purpose is to _allow_ anyone to contact a registree on issues regarding their domain. The email addresses here are peripheral to the purpose of the board, and the ones on eBay are limited to the people who would have a theoretical need to use them (interested buyers or sellers). There really isn't any limit to who might potentially need the information contained in DNS information. It's there _because_ people should be able to find it.
quote:
You'd still be able to email them directly, but you wouldn't be able to see the email address.
And how do you propose that this be coordinated among the plethora of registrars out there today?
quote:
Most email addresses are collected off of the internet via bots that simply go from page to page looking for email addresses. I'm sure the WhoIS database, in it's current incarnation, is quite easy to exploit with a simple automated script to gather email addresses.
So am I, but I'm sure that webpages are just as easy to exploit with the search engine technology available. If one doesn't want somebody to be able to find one, then one shouldn't have any reason to have either a domain name registration or a web page.
quote:
Alternatively, one could set up an email address solely for the purpose of registering domain names, then simply block any and all email coming to it except from that from NetSol (or whatever registrar you used).
That's always an option, but then there may be other reasons that one could be getting legitimate emails from other sources.

Posted by homer on 10-15-2001 04:55 AM:

quote:
There really isn't any limit to who might potentially need the information contained in DNS information. It's there _because_ people should be able to find it.


To clarify...I'm talking about hiding the email addresses from computer-obtainable methods, ie 'bots whose sole purpose is to harvest spammable email addresses.

Also, I can request an unlisted phone number, why not an unlisted email address on a domain name registration. BTW, WHY is this info important to the general public?

quote:
And how do you propose that this be coordinated among the plethora of registrars out there today?


Umm...centralized database?

quote:
So am I, but I'm sure that webpages are just as easy to exploit with the search engine technology available. If one doesn't want somebody to be able to find one, then one shouldn't have any reason to have either a domain name registration or a web page.


Huh? This isn't about people finding me...it's about not getting my email address into the SPAM lists.

quote:
That's always an option, but then there may be other reasons that one could be getting legitimate emails from other sources.


Perhaps. But I doubt it. If people legitimately wanted to get a hold of me via email for a reason OTHER than a sales pitch, then they'd probably already have one of my other email addresses.

__________________
We're all naked if you turn us inside out.
-David Byrne

Posted by Toby on 10-15-2001 03:07 PM:

quote:
Originally posted by homer
To clarify...I'm talking about hiding the email addresses from computer-obtainable methods, ie 'bots whose sole purpose is to harvest spammable email addresses.
I think that was clear.
quote:
Also, I can request an unlisted phone number, why not an unlisted email address on a domain name registration.
Because the two serve drastically different purposes. There is no reason that any generic person in the world should need to call you (although auto dialing type spam ware seems to be pretty popular these days). By 'auto-dialing', I'm referring to software which will generate common dictionary words and common first name/last initial and first initial/common last name combinations in order to bulk mail spam, similar to the way that some telemarketers will just sequentially dial numbers (although true auto-dialers are illegal in some jurisdictions to my recollection).
quote:
BTW, WHY is this info important to the general public?
So that people who might be having trouble accessing a domain can contact the system administrator to resolve the problem for one example. Another would be the case where a computer on a domain is either attacking or being used as a zombie to attack another domain/host/whatever. Having a personal website is not the sole purpose of having a domain name.
quote:
Umm...centralized database?
Umm...they used to have that, then the govco mandated coopetition to decentralize the 'power'.
quote:
Huh? This isn't about people finding me...it's about not getting my email address into the SPAM lists.
And if a person can find you, then there's nothing to prevent automating the process.
quote:
Perhaps. But I doubt it. If people legitimately wanted to get a hold of me via email for a reason OTHER than a sales pitch, then they'd probably already have one of my other email addresses.
Then why do you have a domain name, if only people who know your address should be able to find you? [email protected] would allow them to contact you without bothering to use DNS.

Posted by homer on 10-15-2001 03:52 PM:

quote:
There is no reason that any generic person in the world should need to call you


And there is no reason that any generic persron in the world should need to email me via my domain name record.

quote:
So that people who might be having trouble accessing a domain can contact the system administrator to resolve the problem for one example.


Rarely are the domain record contacts actually the sysadmins.

quote:
Another would be the case where a computer on a domain is either attacking or being used as a zombie to attack another domain/host/whatever.


OK, that's legitimate. So, if that is the case, why wouldn't a suitable solution be to search the domain name name record, and hit an EMAIL CONTACTS button, that would allow you to send an email to them without the actual addresses being exposed? It would accomplish the same thing, wouldn't it?

quote:
Umm...they used to have that, then the govco mandated coopetition to decentralize the 'power'.


Oh sure...but they could still centralize all records...in fact, they should.

quote:
And if a person can find you, then there's nothing to prevent automating the process.


Uh...yes there is. This board for example. You can email anyone in these forums without the email addresses actually being exposed to email farming bots.

quote:
Then why do you have a domain name, if only people who know your address should be able to find you?


Not sure what you mean. There are hundreds of reasons to have a domain name. Of those reasons, ONE of them would be allow people to find you, which is fine...post your email address then. But that's a much more voluntary method.

You could also decide that I don't want my email address posted on the site and would rather post a contact form on your site. This accomplishes the same thing (people can contact you) without the need to post your email address for Spammers to find.

__________________
We're all naked if you turn us inside out.
-David Byrne

Posted by Toby on 10-15-2001 04:11 PM:

quote:
Originally posted by homer
And there is no reason that any generic persron in the world should need to email me via my domain name record.
Let's cut to the chase: why do you have a domain name record?
quote:
Rarely are the domain record contacts actually the sysadmins.
Then these people are not using the system properly. The technical contact should be just that.
quote:
OK, that's legitimate. So, if that is the case, why wouldn't a suitable solution be to search the domain name name record, and hit an EMAIL CONTACTS button, that would allow you to send an email to them without the actual addresses being exposed? It would accomplish the same thing, wouldn't it?
Except that it builds in an additional layer of complexity (and potential for failure) which isn't necessary.
quote:
Oh sure...but they could still centralize all records...in fact, they should.
Then they should roll the function back into govco's responsibility. How exactly is one going to have competition for services when one's competitors have just as much potential control over your databases as you do?
quote:
Uh...yes there is. This board for example. You can email anyone in these forums without the email addresses actually being exposed to email farming bots.
Are you aware of the difference of scale with which we're dealing here?
quote:
Not sure what you mean.
I'm referring to the purpose of the domain name system.
quote:
There are hundreds of reasons to have a domain name.
And which purpose would exclude others needing to contact you? A vanity email domain? A vanity personal website domain?
quote:
Of those reasons, ONE of them would be allow people to find you, which is fine...
You start naming your hundred, and I'll start telling you a reason why someone might need to find the technical or administrative contact.
quote:
post your email address then. But that's a much more voluntary method.
I have no reason to have my email address posted other than in the domain name record.
quote:
You could also decide that I don't want my email address posted on the site and would rather post a contact form on your site. This accomplishes the same thing (people can contact you) without the need to post your email address for Spammers to find.
Maybe you should take this up with your registrar, then. AFAIC, the DNS system is working fine and fulfilling its purpose as is. I've no love of spam, but there really isn't any way that fixing something that isn't broken is likely to change the amount that I get.

Posted by homer on 10-16-2001 12:55 AM:

quote:
Let's cut to the chase: why do you have a domain name record?


If I want to purchase a domain, they insist that there is a record of it. That makes sense. It also servers a purpose in that you can contact the owners of said domain. That makes sense to. Having the email address appear as text in the entry...well, that's just being lazy and allowing any Spam bot to come along and collect said address.

quote:
Then these people are not using the system properly. The technical contact should be just that.


Well, there's a reason that they don't do that...too much spam.

quote:
Except that it builds in an additional layer of complexity (and potential for failure) which isn't necessary.


Well, I wouldn't say it's that much complexity. It's a simple database + mailform. Of course, I am also arguing that it IS necessary, but so be it.

quote:
Then they should roll the function back into govco's responsibility. How exactly is one going to have competition for services when one's competitors have just as much potential control over your databases as you do?


They're competing on features + customer service. They are not competing based on any sort of proprietary database. The database simply indicates which names are taken, who owns them, and which registrar is maintaining them. Nothing proprietary there. The features and customer service that they are competing on are independant of the main database of records.

quote:
Are you aware of the difference of scale with which we're dealing here?


Oh sure. Ebay is a much larger scale than this site too, yet they offer the same sort of email protection.

quote:
I'm referring to the purpose of the domain name system.


I lost track of this portion of the debate. Oops.

quote:
And which purpose would exclude others needing to contact you? A vanity email domain? A vanity personal website domain? You start naming your hundred, and I'll start telling you a reason why someone might need to find the technical or administrative contact.


hoo boy. I said a hundred, eh? OK, here goes...

1) publishing a newsletter anonymously
2) maybe it is a domain name only for people in my company
3) maybe it is simply a domain name for my email address
4) maybe it is an alias to another domain name or maybe
5) maybe I'm sitting on it for future use
6) maybe I reserved it to protecy my trademark (ie, nikesucks.com)

Damn. That's only 6. Ok, let me rephrase: There are 7 reasons to put up a web site, and only one of them is really one where I want random people to contact me.

quote:
I have no reason to have my email address posted other than in the domain name record.


Ok. What were we arguing about regarding this comment?

quote:
Maybe you should take this up with your registrar, then. AFAIC, the DNS system is working fine and fulfilling its purpose as is. I've no love of spam, but there really isn't any way that fixing something that isn't broken is likely to change the amount that I get.


The domain records are public record...I don't think individual registrars can voluntarily hide email addresses.

Not sure what the DNS service has to do with Spam.

I also wasn't attempting to fix the Spam problem. I was merely pointing out that an easy way spammers find your email address is through automated searching of the WhoIS database. There are technological solutions that would make it difficult and/or impossible for spammers to automatically cultivate the addresses from the WhoIS database.

__________________
We're all naked if you turn us inside out.
-David Byrne

Posted by Toby on 10-16-2001 02:43 AM:

quote:
Originally posted by homer
[...]
You know, I had a lenghty reply explaining what the purpose of the WHOIS database and why it was there, but ultimately, that's the way the system works. Personally, I wish that they had never instituted competition within the system, because the overwhelming majority of spam that I get from my DNS record is from other registrars who are trying to entice me to switching to their service.

Posted by homer on 10-16-2001 02:57 PM:

quote:
Personally, I wish that they had never instituted competition within the system, because the overwhelming majority of spam that I get from my DNS record is from other registrars who are trying to entice me to switching to their service.


Keep in mind that the DNS record and the WhoIS records are different things. The DNS record is merely a 'phone book' that matches the domain name with the appropriate IP address. Only computers use this (The Domain Name Servers). The WhoIS records main purpose is so that the registrars can remember to bill you regularly.

I don't think a lack of competition would solve anything either. NetSol always has had an open database (in fact, it's been compromised in the pass by people breaking into the system). The competition has been a good thing. None of the Registrars are perfect, but more and more of them are offering affordable options with intutive interfaces. I've been slowly moving all of my domains over to Dotster simply because I can control the DNS info myself.

From Internic's FAQ:

quote:
Information about who is responsible for domain names is publicly available to allow rapid resolution of technical problems and to permit enforcement of consumer protection, trademark, and other laws.


I don't buy that. They're just being lazy. They could still facilitate the communication between people via email without having the email in such an easily spam-harvestable format. But oh well.

__________________
We're all naked if you turn us inside out.
-David Byrne

Posted by Toby on 10-16-2001 03:24 PM:

quote:
Originally posted by homer
Keep in mind that the DNS record and the WhoIS records are different things.
No, WHOIS records are part and parcel of the domain name system. They tell you who the name server for that domain is.
quote:
The DNS record is merely a 'phone book' that matches the domain name with the appropriate IP address. Only computers use this (The Domain Name Servers). The WhoIS records main purpose is so that the registrars can remember to bill you regularly.
Um...no. WHOIS was around long before there were multiple registrars and IIRC before there was any billing involved for having a domain name.
quote:
I don't think a lack of competition would solve anything either.
That was TIC. I thought it was blatantly obvious.
quote:
NetSol always has had an open database (in fact, it's been compromised in the pass by people breaking into the system).
I'm well aware of that. However, the majority of the spam I get is still of the type that wants to entice me to change my registrar or to register a new TLD for my existing one.
quote:
I don't buy that.
Why don't you buy it? It's the truth.
quote:
They're just being lazy. They could still facilitate the communication between people via email without having the email in such an easily spam-harvestable format. But oh well.
And what I'm telling you is that a webform is not an option for everyone. Hmm...I wonder if those things would even work on lynx (which is the only browser you'll have any chance of seeing on one of the machines I'm most likely to be logged into when doing a whois search).

Posted by homer on 10-16-2001 09:22 PM:

quote:
No, WHOIS records are part and parcel of the domain name system. They tell you who the name server for that domain is.


That information is only relevant for the person that runs the DNS server. When you type in a domain name in your browser, it queries your local DNS server. It could care less about the Whois record.

Yes, when you register a domain name, you need to provide a DNS server, but the only reason for that is that they want the domain to point to something initially, and they want a particular DNS to be the 'parent' DNS server for that particular domain name.

quote:
Um...no. WHOIS was around long before there were multiple registrars and IIRC before there was any billing involved for having a domain name.


Yea. I know. I was being sarcastic.

Or at least I was trying to be. I should have used the rolling eyes smily I guess.

quote:
Why don't you buy it? It's the truth.


Who says? Their FAQ? FAQs aren't necessarily the truth, just answers to questions.

quote:
And what I'm telling you is that a webform is not an option for everyone. Hmm...I wonder if those things would even work on lynx (which is the only browser you'll have any chance of seeing on one of the machines I'm most likely to be logged into when doing a whois search).


Lynx should handle web forms just fine. The actual processes are all handled server-side...not client side.

__________________
We're all naked if you turn us inside out.
-David Byrne

Posted by Toby on 10-16-2001 10:29 PM:

quote:
Originally posted by homer
That information is only relevant for the person that runs the DNS server. When you type in a domain name in your browser, it queries your local DNS server. It could care less about the Whois record.
If it couldn't care less, then...
quote:
Yes, when you register a domain name, you need to provide a DNS server, but the only reason for that is that they want the domain to point to something initially, and they want a particular DNS to be the 'parent' DNS server for that particular domain name.
Not just the parent. It's considered the 'authoritative' source for name records for that domain. My DNS doesn't host all of the names for the entire internet. It only caches what's been requested recently. For things that aren't in its cache, it has to get the information from somewhere.
quote:
Who says? Their FAQ? FAQs aren't necessarily the truth, just answers to questions.
Because that's what its historical purpose has been. Just because some are abusing that service currently does not negate what it's there for. To make an analogy to tie it to current events, does a terrorist abusing the tenets of Islam negate Islam?
quote:
Lynx should handle web forms just fine. The actual processes are all handled server-side...not client side.
The processes are handled server-side, but the method by which they're displayed or the language by which they're produced (javascript/whatever) isn't necessarily done so.

Posted by homer on 10-17-2001 12:55 AM:

quote:
Not just the parent. It's considered the 'authoritative' source for name records for that domain. My DNS doesn't host all of the names for the entire internet. It only caches what's been requested recently. For things that aren't in its cache, it has to get the information from somewhere.


umm...right...exactly. (Was I disagreeing?)

quote:
The processes are handled server-side, but the method by which they're displayed or the language by which they're produced (javascript/whatever) isn't necessarily done so.


Actually, I'd see it as strictly a mailform. You look up the record, and then you want to email the person. Fill out the mailform, it sends the data to the server which then forwards it on to the owner. The only thing the web browser would need to support is a few form elements...which, I believe, every web browser can.

__________________
We're all naked if you turn us inside out.
-David Byrne

Posted by Toby on 10-17-2001 03:23 AM:

homer, see it however you wish to see it. Ultimately, it's a tool that was set up for and historically used for a set purpose which still exists, and there's no _need_ to make any changes to the system. AFAIC, the only effective solution is to regulate the behavior/people and not the tool.

Posted by homer on 10-17-2001 05:09 AM:

quote:
and there's no _need_ to make any changes to the system.


No argument there. They certainly don't NEED to change it. It's just be nice if they did.

__________________
We're all naked if you turn us inside out.
-David Byrne

Posted by Toby on 10-17-2001 02:26 PM:

quote:
Originally posted by homer
No argument there. They certainly don't NEED to change it. It's just be nice if they did.
Lobby ICANN then (they ultimately make the rules), or in the meantime...try this.

Posted by homer on 10-17-2001 04:02 PM:

Toby:

Thanks for the link...that's interesting. I'm going to see if the other registrars offer the same service...

Sadly, reading the page it links to, I found this:

"Additionally, we may share the information stored on that database, as well as other information that is not of a sensitive nature, with carefully selected business partners, including those who offer services that complement those provided by us or which may otherwise be of interest to you."

I hate crap like that. I hate NetSol. Ugh.

__________________
We're all naked if you turn us inside out.
-David Byrne
All times are GMT. The time now is 04:47 AM. Pages (2): « 1 [2]
Show 20 posts from this thread on one page

Powered by: vBulletin Version 2.3.4
Copyright © Jelsoft Enterprises Limited 2000 - 2016.